Addressing
Compared to IPv4, the most obvious advantage of IPv6 is its larger address space. IPv4 addresses are 32 bits long and number about 4.3×109 (4.3 billion).[31] IPv6 addresses are 128 bits long and number about 3.4×1038 (340 undecillion). IPv6's addresses are deemed enough for the foreseeable future.
IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons, such as
2001:0db8:85a3:0000:0000:8a2e:0370:7334. IPv6 unicast addresses other than those that start with binary 000 are logically divided into two parts: a 64-bit (sub-)network prefix, and a 64-bit interface identifier.
An IPv6 host may generate its own IP address and test its uniqueness in the addressing scope intended. IPv6 addresses consist of two parts. The most-significant 64 bits are the subnet prefix to which the host is connected, and the least-significant 64 bits are the identifier of the host interface on the subnet. This means that the identifier need only be unique on the subnet to which the host is connected, which simplifies the detection of duplicate addresses.
Autoconfigured address format part Subnet prefix Interface identifier bits 64 64
Link local address
All IPv6 hosts require a link-local address. This is derived from the MAC address of each interface and the link-local prefix FE80::/10. The process involves filling the address space with prefix bits left-justified to the most-significant bit, and filling the MAC address in EUI-64 format into the least-significant bits. If any bits remain to be filled between the two parts, those are set to zero.
The uniqueness of the address on the subnet is tested with the Duplicate Address Detection (DAD) method.
Address uniqueness
Hosts verify the uniqueness of addresses assigned by sending a neighbor solicitation message asking for the Link Layer address of the IP address. If any other host are using that address, they respond. However, MAC addresses are designed to be unique on each network card which minimizes chances of duplication.
The host first determines if the network is connected to any routers at all, because if not, then all nodes are reachable using the link-local address that already is assigned to the host. The host will send out a Router Solicitation message to the all-routers multicast group with its link local address as source. If there is no answer after a predetermined number of attempts, the host concludes that no routers are connected. If it does get a response from a router, there will be network information inside that is needed to create a globally unique address. There are also two flag bits that tell the host whether it should use DHCP to get further information and addresses:
- The Manage bit, that indicates whether or not the host should use DHCP to obtain additional addresses
- The Other bit, that indicates whether or not the host should obtain other information through DHCP. The other information consists of one or more prefix information options for the subnets that the host is attached to, a lifetime for the prefix, and two flags:[36]
- On-link
- If this flag is set, the host will treat all addresses on the specific subnet as being on-link, and send packets directly to them instead of sending them to a router for the duration of the given lifetime.
- Address
- This is the flag that tells the host to actually create a global address.
Global addressing
The assignment procedure for global addresses is similar to local address construction. The prefix is supplied from router advertisements on the network. Multiple prefix announcements cause multiple addresses to be configured.
Stateless address autoconfiguration (SLAAC) requires a /64 address block, as defined in RFC 4291. Local Internet registries are assigned at least /32 blocks, which they divide among subordinate networks. The initial recommendation stated assignment of a /48 subnet to end-consumer sites (RFC 3177). This was replaced by RFC 6177, which "recommends giving home sites significantly more than a single /64, but does not recommend that every home site be given a /48 either". /56s are specifically considered. It remains to be seen if ISPs will honor this recommendation. For example, during initial trials, Comcast customers were given a single /64 network.
IPv6 addresses are classified by three types of networking methodologies: unicast addresses identify each network interface, anycast addresses identify a group of interfaces, usually at different locations of which the nearest one is automatically selected, and multicast addresses are used to deliver one packet to many interfaces. The broadcastmethod is not implemented in IPv6. Each IPv6 address has a scope, which specifies in which part of the network it is valid and unique. Some addresses are unique only on the local (sub-)network. Others are globally unique.
Some IPv6 addresses are reserved for special purposes, such as loopback, 6to4 tunneling, and Teredo tunneling, as outlined in RFC 5156. Also, some address ranges are considered special, such as link-local addresses for use on the local link only, Unique Local addresses (ULA), as described in RFC 4193, and solicited-node multicast addresses used in the Neighbor Discovery Protocol.
IPv6 in the Domain Name System
In the Domain Name System, hostnames are mapped to IPv6 addresses by AAAA resource records, so-called quad-A records. For reverse resolution, the IETF reserved the domain
ip6.arpa, where the name space is hierarchically divided by the 1-digit hexadecimal representation of nibble units (4 bits) of the IPv6 address. This scheme is defined in RFC 3596.
The 128 bits of an IPv6 address are represented in 8 groups of 16 bits each. Each group is written as 4 hexadecimal digits and the groups are separated by colons (:). The address 2001:0db8:0000:0000:0000:ff00:0042:8329 is an example of this representation.
For convenience, an IPv6 address may be abbreviated to shorter notations by application of the following rules, where possible.
- One or more leading zeroes from any groups of hexadecimal digits are removed; this is usually done to either all or none of the leading zeroes. For example, the group 0042is converted to 42.
- Consecutive sections of zeroes are replaced with a double colon (::). The double colon may only be used once in an address, as multiple use would render the address indeterminate. RFC 5952 recommends that a double colon must not be used to denote an omitted single section of zeroes.
An example of application of these rules:
- Initial address: 2001:0db8:0000:0000:0000:ff00:0042:8329
- After removing all leading zeroes in each group: 2001:db8:0:0:0:ff00:42:8329
- After omitting consecutive sections of zeroes: 2001:db8::ff00:42:8329
The loopback address, 0000:0000:0000:0000:0000:0000:0000:0001, may be abbreviated to ::1 by using both rules.
As an IPv6 address may have more than one representation, the IETF has issued a proposed standard for representing them in text
Transition Mechanisms
IPv6 is not foreseen to supplant IPv4 instantaneously. Both protocols will continue to operate simultaneously for some time. Therefore, some IPv6 transition mechanisms are needed to enable IPv6 hosts to reach IPv4 services and to allow isolated IPv6 hosts and networks to reach each other over IPv4 infrastructure.
Many of these transition mechanisms use tunneling to encapsulate IPv6 traffic within IPv4 networks. This is an imperfect solution, which reduces the maximum transmission unit(MTU) of a link and therefore complicates Path MTU Discovery, and may increase latency. Tunneling protocols are a temporary solution for networks that do not support native dual-stack, where both IPv6 and IPv4 run independently.
Dual IP stack implementation
Dual-stack (or native dual-stack) IP implementations provide complete IPv4 and IPv6 protocol stacks in the same network node. This facilitates native communications between nodes using either protocol. The method is defined in RFC 4213.
This is the most desirable IPv6 implementation during the transition from IPv4 to IPv6, as it avoids the complexities of tunneling, such as security, increased latency, management overhead, and a reduced PMTU. However, it is not always possible, since outdated network equipment may not support IPv6.
Dual-stack software design is a transitional technique to facilitate the adoption and deployment of IPv6. However, it might introduce more security threats as hosts could be subject to attacks from both IPv4 and IPv6. It has been argued that dual-stack could ultimately overburden the global networking infrastructure by requiring routers to deal with IPv4 and IPv6 routing simultaneously.
Tunneling
Many current Internet users do not have IPv6 dual-stack support, and thus cannot reach IPv6 sites directly. Instead, they must use IPv4 infrastructure to carry IPv6 packets. This is done using a technique known as tunneling, which encapsulates IPv6 packets within IPv4, in effect using IPv4 as a link layer for IPv6.
IP protocol 41 indicates IPv4 packets which encapsulate IPv6 datagrams. Some routers or network address translation devices may block protocol 41. To pass through these devices, UDP packets may be used to encapsulate IPv6 datagrams. Other encapsulation schemes, such as AYIYA or Generic Routing Encapsulation, are also popular.
Conversely, on IPv6-only Internet links, when access to IPv4 network facilities is needed, tunneling of IPv4 over IPv6 protocol occurs, using the IPv6 as a link layer for IPv4.
Automatic tunneling
Automatic tunneling refers to a technique by which the routing infrastructure automatically determines the tunnel endpoints. Some automatic tunneling techniques are below.
6to4 is recommended by RFC 3056. It uses protocol 41 encapsulation. Tunnel endpoints are determined by using a well-known IPv4 anycast address on the remote side, and embedding IPv4 address information within IPv6 addresses on the local side. 6to4 is the most common tunnel protocol currently deployed.
Teredo is an automatic tunneling technique that uses UDP encapsulation and can allegedly cross multiple NAT nodes. IPv6, including 6to4 and Teredo tunneling, are enabled by default in Windows Vista and Windows 7. Most Unix systems implement only 6to4, but Teredo can be provided by third-party software such as Miredo.
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) uses the IPv4 network as a virtual IPv6 local link, with mappings from each IPv4 address to a link-local IPv6 address. Unlike 6to4 and Teredo, which are inter-site tunneling mechanisms, ISATAP is an intra-site mechanism, meaning that it is designed to provide IPv6 connectivity between nodes within a single organization.
Configured and automated tunneling (6in4)
6in4 tunneling requires the tunnel endpoints to be explicitly configured, either by an administrator manually or the operating system's configuration mechanisms, or by an automatic service known as a tunnel broker; this is also referred to as automated tunneling. Configured tunneling is usually more deterministic and easier to debug than automatic tunneling, and is therefore recommended for large, well-administered networks. Automated tunneling provides a compromise between the ease of use of automatic tunneling and the deterministic behavior of configured tunneling.
Raw encapsulation of IPv6 packets using IPv4 protocol number 41 is recommended for configured tunneling; this is sometimes known as 6in4 tunneling. As with automatic tunneling, encapsulation within UDP may be used in order to cross NAT boxes and firewalls.
Proxying and translation for IPv6-only hosts
After the regional Internet registries have exhausted their pools of available IPv4 addresses, it is likely that hosts newly added to the Internet might only have IPv6 connectivity. For these clients to have backward-compatible connectivity to existing IPv4-only resources, suitable IPv6 transition mechanisms must be deployed.
One form of address translation is the use of a dual-stack application-layer proxy server, for example a web proxy.
NAT-like techniques for application-agnostic translation at the lower layers in routers and gateways have been proposed. The NAT-PT standard was dropped because of criticisms;[53] however, more recently, the continued low adoption of IPv6 has prompted a new standardization effort of a technology called NAT64.
No comments:
Post a Comment